Recent Uptick in Cyberattacks Against Credit Unions and Third-Party Service Providers
The National Credit Union Administration has observed a concerning rise in cyberattacks against credit unions, credit union service organizations (CUSOs), and other third-party vendors supplying financial services products. These attacks include incidents directly related to critical vulnerabilities in the MOVEit Transfer web application, as well as other attacks unrelated to MOVEit. The critical vulnerabilities in the MOVEit Transfer web application are:
CVE-2023-34362;
CVE-2023-35036; and
CVE-2023-35708.
The NCUA is asking credit unions to be vigilant in protecting their data and operations from all threats, including ransomware, phishing or social engineering leading to business email compromises, and distributed denial-of-service (DDoS) attacks.
We urge all credit unions and associated entities to take immediate and comprehensive action to protect their systems, sensitive data, and the financial well-being of their members. The NCUA recommends the mitigation steps and best practices listed below to safeguard against these evolving cyber threats:
Patch and Update MOVEit Transfer Web Application: If your organization uses the MOVEit Transfer web application, apply the necessary security patches immediately to address the vulnerability. Progress Software released a security advisory that details the risks and mitigation steps, which can be accessed on the Cybersecurity & Infrastructure Security Agency website.
Multi-Factor Authentication: Implement multi-factor authentication for all sensitive accounts and systems, including email accounts and remote access portals. This adds an extra layer of protection against unauthorized access and phishing attempts.
Employee Cybersecurity Awareness Training: Conduct regular cybersecurity training for all employees to raise awareness about phishing, social engineering, and other common attacks. Educate employees about the risks and implications of clicking on suspicious links or opening malicious attachments.
Email Security and Anti-Phishing Measures: Deploy advanced email security solutions with phishing detection and blocking capabilities. Utilize Slender Policy Framework (SPF), DomainKeys Identified Mail (DKIM), and Domain-based Authentication, Reporting, and Conformance (DMARC) protocols to prevent email spoofing and enhance email authenticity.
Incident Response Plan: Develop and regularly test an incident response plan to ensure a swift and coordinated response in the event of a cyberattack. Assign specific roles and responsibilities to designated personnel and rehearse various attack scenarios.
Vendor Risk Management: Review and assess the cybersecurity practices of all third-party vendors that provide financial services and products, including CUSOs. Verify that vendors use sound risk management principles, have robust security measures in place, and review their security posture regularly.
Network Segmentation and DDoS Protection: Implement network segmentation to contain the impact of a potential compromise. Deploy DDoS protection measures, such as traffic filtering and rate limiting, to defend against DDoS attacks.
Regular Data Backups and Recovery Testing: Maintain frequent data backups and test the data recovery process regularly. In case of a ransomware attack, backups can prevent data loss and reduce the need to pay the ransom.
Threat Intelligence Sharing: Participate in threat intelligence sharing communities to stay informed about emerging threats and attack trends. Sharing information can help strengthen the industry’s collective defense.
Continuous Monitoring and Security Updates: Monitor network traffic, logs, and systems continuously to detect and respond promptly to any suspicious activities. Stay informed about the latest security updates and apply patches promptly.
Proactive cybersecurity measures safeguard the integrity, confidentiality, and availability of credit union systems and data. By adopting these mitigation steps and best practices, credit unions and their partners can enhance their security posture and protect against the recent uptick in cyberattacks.
If you require further assistance or have any questions related to cybersecurity, please contact your Regional Office or visit the NCUA’s Cybersecurity Resource Center.